REF FN-04 · RESEARCH
ONGOING
Field Notes
A running notebook from reverse-engineering, malware analysis and CTF work — Ghidra teardowns, signal decoding, and the occasional Active Directory box.
What lives here
A rolling set of notes from reverse-engineering, malware analysis and capture-the-flag work. Less a polished blog, more a lab notebook kept in the open.
Areas
- Reverse engineering — static analysis in Ghidra: RPC client DLLs, NTLM coercion chains, DLL sideloading, API-hash resolution, and JIT-compiled flag-checkers.
- Malware analysis — obfuscated Office macro documents, Android APKs pulled apart with jadx, and ICS / OT samples.
- CTF & offensive — Active Directory boxes, a GRUB bootloader CVE, and embedded-device homebrew puzzles.
- Radio & SDR — pulling a 2-FSK transmission out of an IQ capture and decoding the flag hidden inside it.
Individual write-ups land here as I clean them up.